When an attacker attempts to overload a target system with fake service requests or traffic, the outcome of a successful attack is called a Denial of Service Attack. This attack makes it difficult for users to access legitimate network or computer resources, as the attack blocks access to legitimate websites or slows down the performance of networks.
DoS attacks focus on one attacker and target system, but DDoS also known as Distributed Denial of Service Attack uses numerous zombie systems to tackle a target system. This not only increases the probability of the system is breached, it also ensures that the attack happens faster. The DDoS attack is carried out with botnets, and the attacker uses handlers to compromise a large number of systems, which in turn attacks the target system.
They are also known as bandwidth attacks focus on overwhelming the bandwidth of the target network. This is a DDoS attack and it works with botnets and the use of ICMP ECHO packets, flooding the system and affecting switches and routers who have no defense over the huge statistical change. It uses all the bandwidth allocated to the target system, thereby preventing legitimate users from using any bandwidth.
They prevent the users of the target system from being able to put back together fragmented packets.
This prevents users of the target system from gaining access to application resources. The application layer attacks focus on restricting access to the target network, for instance, emails, network resources, servers, applications and others, by taking note of the vulnerabilities in the source code and using them to their advantage. The attackers can carry out a range of activities with this method. For instance, preventing a user from logging into a particular system by bringing up invalid login attempts.
They affect the connection state tables in the target systems. Areas such as application servers and firewalls are targeted.
This is done through service request floods that target server resources by flooding the servers with high connection rates through valid sources, rendering the server unusable and tearing down the TCP connection.
SYN flooding also works to break down the TCP connection in the target system. Here, the attacker exploits the 75 second listen to the window that opens up while two hosts communicate through SYN requests, by sending SYN requests to the target host without replying until the listen queue is filled up. SYN flooding is a way to carry out DoS attacks.
This allows the attacker have access to five modes of attack to the target system. • HTTP main • HTTP download • HTTP combo • Socket connect • Max Flood
This attacks TCP, UCP, and HTTP protocols, and is used by professionals to take down a target system.
The attack tool is used to target IP addresses, using selected user ports and protocol.
This is an HTTP flood Denial of a service attack testing tool for windows. It carries out attacks using multiple asynchronous sockets. It has numerous uses for URL verification, enhanced reporting, performance monitoring and port designation.
This is an android version of the software and is used to flood packets which are then used to perform DoS attacks
This software is automated and run a couple of tasks on the internet, for instance, web spidering and web search indexing. This simple software can be implemented by attackers to perform DoS attacks. The attacker usually infects one victim machine (a bot), which in turn searches for other vulnerable machines to create a botnet.
The infected bot can search through the internet for vulnerable machines through -
These are tools used to infect systems. Blackshades NET. This is used to develop implant binaries. Andromeda Bot. Cynthia Botnet. Plug both. This is a hardware bot and is used majorly during penetration testing.
A DoS attack affects several aspects of the targeted organization, from loss of trust from the clients end to financial loss and an unorganized company. It is therefore important to note the ways to counter such attacks.
Activity profiling is carried out by monitoring the network packet information header, and results are gotten through the average packet rate for network flow. When there is a drastic shift in the activity levels in network flow clusters or a change in the number of distinct clusters, bordering towards an insane increase, it means an attack is occurring.
This uses algorithms to determine changes in network traffic statistics to locate attacks by filtering the traffic data, storing results as a time series and picking out anomalies from this stored data. Wavelet-based signal analysis
This is another method for discovering attacks. This method uses spectral components and accounts for time and frequency description. This analysis method accounts for the time at which certain frequencies are in the network and also uses the spectral window's energy to find breaches.
When an attack has been discovered, the countermeasures to take are: Analysing traffic and communication ports between handlers to determine the infected machine. Neutralizing bot handlers could serve to disable the botnet system. Installing anti-virus and anti-Trojan software. Keeping protective software up-to-date. Orienting users on these attacks and how to prevent it. Frequently scanning through the system. Disabling services and uninstalling used apps. Finding more about the attacker using a honeypot. The honeypot is a system with lowered defenses, set-up with the aim of drawing the attacker and gaining information about the said attacker. Increase bandwidth on critical connections to allow for the absorption of additional bandwidth generated during the attacks. Duplicate servers to provide a safe zone for the network. * Prevent damage to servers through throttling.
This works on mitigating attacks by allowing legitimate traffic pass through, as opposed to discarding the attack traffic. It protects the system from arp snooping, TCP, SYN flooding, and other DDoS attacks. It also filters UCP/ICMP/IGMP packets for attacks .
Other tools include -
Published with the express permission of the author.